Unrated severityNVD Advisory· Published Sep 12, 2023· Updated Sep 25, 2024
FactoryTalk View Machine Edition Vulnerable to Remote Code Execution
CVE-2023-2071
Description
Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Rockwell Automation/Fav5Range: <=13.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.